Government Office 365 plans get free MDM tools

Government IT managers looking for mobile device management (MDM) tools will get three new options with certain Office 365 subscription plans.

Microsoft rolled out these capabilities March 30 to subscribers to most Office 365 Business, Enterprise, Government and Education plans and will gradually release them to subscribers worldwide, the company said in its announcement.

The three capabilities include:

Conditional access allows IT managers to set up security policies on devices that connect to Office 365 to ensure that email and Office documents can be accessed only on designated, compliant phones and tablets.

Device management sets and manages security policies such as device-level pin lock and jailbreak detection to help prevent unauthorized users from accessing corporate email and data on a device when it is lost or stolen. Users might be required to have a password of a certain complexity or length, for instance. The compliance specifications that can be set will vary depending on the device's operating system platform. For instance, IT pros can't force Android 4 (or greater) devices to prevent the use of simple passwords as a compliance criterion, nor can they compel Windows Phone 8.1 devices to not be jail broken, according to Microsoft's TechNet description.

Selective wipe allows easy removal of Office 365 company data from an employee’s device while leaving their personal data in place. IT pros can use the Office 365 Admin Center to delete all information from a device or just the organizational data.

While there's no charge for the new security capabilities, Microsoft said that other "advanced" management capabilities are available via an Intune mobile device management subscription or Enterprise Mobility Suite licensing. The new free capabilities are enabled by Intune, as well as by Microsoft Azure Active Directory services, so Microsoft essentially has just carved out some of those capabilities and offered them at no cost to its Office 365 subscribers.

A Microsoft TechNet article shows that the new free "built-in" mobile device management capabilities in Office 365 subscriptions extend to iOS, Android and Windows Phone devices. For Windows devices, an Intune subscription is needed, according to the first table in that article. Consequently, it would seem that an Intune subscription would be required to get these management capabilities for a Windows tablet device.

Windows 10, still at the preview stage, isn't part of the current supported devices list for the new Office 365 mobile device management capabilities. The list just shows support for "Windows Phone 8.1, iOS 6 or later versions, Android 4 or later versions, Windows 8.1 and Windows 8.1 RT."

Some of Microsoft's Office 365 protection schemes are based on its Rights Management Service technology, but that's likely an extra cost for organizations managing mobile devices. Microsoft has frequently demonstrated an Office 365 capability that prevents copy-and-paste actions by end users, as demonstrated by Julia White, general manager of Microsoft Office product management, at Microsoft's TechEd event last year. However, that capability, which apparently taps the Azure Rights Management Service, will require having Enterprise Mobility Suite licensing in place. Microsoft has also described this technology as being built into Windows 10 through the use of container technology.

In a nutshell, it appears that the new free Office 365 mobile device management capabilities likely just apply to the use of Office Web apps. Specific mobile management capabilities will vary per the OS platform deployed. In other words, it's a complicated picture, and that complexity could help Microsoft sell its Enterprise Mobility Suite licensing or Intune subscriptions for organizations going down the mobility device management road.

A longer version of this article originally appeared on Redmond, a sister site to GCN.

About the Author

Kurt Mackie is the online news editor for the 1105 Enterprise Computing Group sites, including Redmondmag.com, RCPmag.com and MCPmag.com.

Stay Connected

Sign up for our newsletter.

I agree to this site's Privacy Policy.